#2 - A more specific subdomain case: store.domain.com as a subdomain to an existing site as an area to take payments. (A SSL certificate is against this subdomain)
The IP address to both as you might guess is identical.
How do I enforce SSL on the subdomain in question and ensure the SSL section, like above, applies only to the subdomain? Eg: Users cannot browse the entire site using URI’s like store.domain.com/about, store.domain.com/products
I have thought a lot of the best way to set this up and this is the approach I would like to use, but I am more than open to guidance on best practices or alternative approaches.
Your tutorials rock! But inheritance issues and .htaccess is something I fear may take much more time to learn. I’m amazed at the power of it though.
Looking purely at the store subdomain:
Here is the root (parent .htaccess)
RewriteEngine On
RewriteBase /
# add the www if called as your-site.com only
# the 301 redirect makes it stick, also important for SEO
RewriteCond %{HTTP_HOST} ^(vorari.*) [NC]
RewriteRule ^ http://www\\.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# redirect the primary site to its actual home directory
# The EE database is 'xxxx'
RewriteCond %{HTTP_HOST} ^www.vorari.com [NC]
RewriteCond %{REQUEST_FILENAME} !aa/
RewriteRule ^(.*)$ aa/$1 [L]
# Redirects store.vorari.com to the bb subfolder on the main website
RewriteCond %{HTTP_HOST} ^store.vorari.com [NC]
RewriteCond %{REQUEST_FILENAME} !bb/
RewriteRule ^(.*)$ bb/$1 [L]
So the above code merely guides it to the correct subdirectory. In this case both ‘aa’ and ‘bb’ are the same site, with ‘bb’ being a different folder.
The .htaccess file of bb is:
RewriteEngine On
RewriteBase /
# RewriteBase /bb/ (Append document root to this domain)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
RewriteRule ^$ index.php?/commerce/index [L]
I do mean to enforce use of the subdomain, but only for select subfolders. This is where it gets tricky:
eg: store.domain.com has a given dynamic template assigned. I just want to prevent people from going to other parts of that site with that subdomain. (eg: store.domain.com/about should fail)
so it seems appropriate to involve mod_rewrite by checking (in the bb subdirectory) that the {HTTP_HOST} is store.domain.com and that it is not accessing a link off that subdomain that isn’t permitted. If not, redirect to the subdomain without the bb/ directory. Problem is I can’t see a clear way to do that without getting into a loop. I check {HTTP_HOST} but I need to compare this to the directory/folder.
From your site with this in the .htaccess setup, I don’t see how to prevent the redirect based on not permitted content. I was initially thinking redirect?
Again, simple stuff - but NOT something to use mod_rewrite on! This is a simple matter of creating your subdomain’s DocumentRoot in the blog subdirectory of your domain. If you mean to enforce use of the subdomain, too, then (and only then) involve mod_rewrite by checking (in the blog subdirectory) that the {HTTP_HOST} is blog.domain.com and, if not, redirect to the subdomain without the blog/ directory.
#2 - A more specific subdomain case: store.domain.com as a subdomain to an existing site as an area to take payments. (A SSL certificate is against this subdomain)
The IP address to both as you might guess is identical.
How do I enforce SSL on the subdomain in question and ensure the SSL section, like above, applies only to the subdomain? Eg: Users cannot browse the entire site using URI’s like store.domain.com/about, store.domain.com/products
Same answer but add the {SERVER_PORT} (match 80, not 443) to the RewriteConds to redirect to the secure server. If you need some examples of selective secure/non-secure, check the tutorial linked in my signature.
It’s obvious that you’ve done a lot of work on your mod_rewrite so I have to question your fear of taking too much time to learn. Please remember that I’m here trying to TEACH (help members learn), not spoonfeeding code.
I’m a little concerned (for my understanding of your physical directories and where the index.php file is located for your “canned program”) but let me reiterate my earlier post - I’ll comment on your .htaccess afterward. Trust me, you don’t want to receive my Rant #3!
domain - force www for all requests including subdomain requests.
domain contains at least two subdirectories with one requiring that it be addressed strictly as the subdomain (which, if the subdomain is pointing at the subdirectory, will preclude access to any of domain’s other subdirectories or its root). On that basis, I’m guessing that the store subdomain (and the other one) share the domain’s root directory.
If that’s the case, you can handle all your mod_rewrite in the DocumentRoot:
Force www on all (WITHOUT a subdomain).
If subdirectory is store and subdomain is not store, redirect (it’ll show so 301 the redirect).
If subdirectory is NOT store, redirect to www.domain
It looks like you’re redirecting everything (!-f and !-d) to a subdirectory. Just do it (excluding store, of course).
From your site with this in the .htaccess setup, I don’t see how to prevent the redirect based on not permitted content. I was initially thinking redirect?
RewriteEngine on
RewriteCond %{HTTP_HOST} ^store\\.?vorari\\.com$ [NC]
# store optional dot vorari dot com? Why the optional dot?
RewriteCond %{HTTP_HOST} !^www\\. [NC]
RewriteRule .? http://www.vorari.com%{REQUEST_URI} [R=301,L]
Why not
# enforce store subdomain for store subdirectory
RewriteCond %{HTTP_HOST} !^store [NC]
RewriteRule ^store(/(.*))?$ http://store.vorari.com/store$1 [R=301,L]
# enforce NOT store subdomain for NOT store subdirectory
RewriteCond %{HTTP_HOST} ^store [NC]
RewriteRule !^store http://www.vorari.com%{REQUEST_URI} [R=301,L]